From f870df9ac6b484d1808b76d40216bbeb7677b225 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>
Date: Thu, 14 Nov 2024 16:07:37 +0000
Subject: [PATCH 1/2] Fixes style issue on Deploy with MDM page (#6163)
(cherry picked from commit d0eab8ab1d66d1b8578cbe6a77dab706e45d937f)
# Conflicts:
# docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
---
.../management/admin/deploy-with-mdm.asciidoc | 14 +-
.../deploy-with-mdm.asciidoc | 142 ++++++++++++++++++
2 files changed, 149 insertions(+), 7 deletions(-)
create mode 100644 docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
diff --git a/docs/management/admin/deploy-with-mdm.asciidoc b/docs/management/admin/deploy-with-mdm.asciidoc
index c3ceb23f31..59f0fa6ecf 100644
--- a/docs/management/admin/deploy-with-mdm.asciidoc
+++ b/docs/management/admin/deploy-with-mdm.asciidoc
@@ -71,13 +71,13 @@ image::images/content-filtering-jamf.png[]
. Under **App Name**, enter `Elastic Security.app`.
. Under **Bundle ID**, enter `co.elastic.alert`.
. In the **Settings** section, include these options with the following settings:
-.. **Critical Alerts**: **Enable**.
-.. **Notifications**: **Enable**.
-.. **Banner alert type**: **Persistent**.
-.. **Notifications on Lock Screen**: **Display**.
-.. **Notifications in Notification Center**: **Display**.
-.. **Badge app icon**: **Display**.
-.. **Play sound for notifications**: **Enable**.
+.. **Critical Alerts**: Enable
+.. **Notifications**: Enable
+.. **Banner alert type**: Persistent
+.. **Notifications on Lock Screen**: Display
+.. **Notifications in Notification Center**: Display
+.. **Badge app icon**: Display
+.. **Play sound for notifications**: Enable
. Save the configuration.
[role="screenshot"]
diff --git a/docs/serverless/edr-install-config/deploy-with-mdm.asciidoc b/docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
new file mode 100644
index 0000000000..8dd36182f8
--- /dev/null
+++ b/docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
@@ -0,0 +1,142 @@
+[[security-deploy-with-mdm]]
+= Deploy {elastic-defend} on macOS with mobile device management
+
+// :description: Configure access for deploying {elastic-defend} on macOS with mobile device management.
+// :keywords: security, how-to, secure
+
+++++
+Deploy on macOS with MDM
+++++
+
+preview:[]
+
+To silently install and deploy {elastic-defend} without the need for user interaction, you need to configure a mobile device management (MDM) profile for {elastic-endpoint}—the installed component that performs {elastic-defend}'s threat monitoring and prevention. This allows you to pre-approve the {elastic-endpoint} system extension and grant Full Disk Access to all the necessary components.
+
+This page explains how to deploy {elastic-defend} silently using Jamf.
+
+[discrete]
+[[security-deploy-with-mdm-configure-a-jamf-mdm-profile]]
+== Configure a Jamf MDM profile
+
+In Jamf, create a configuration profile for {elastic-endpoint}. Follow these steps to configure the profile:
+
+. <>.
+. <>.
+. <>.
+. <>.
+
+[discrete]
+[[security-deploy-with-mdm-approve-the-system-extension]]
+=== Approve the system extension
+
+. Select the **System Extensions** option to configure the system extension policy for the {elastic-endpoint} configuration profile.
+. Make sure that **Allow users to approve system extensions** is selected.
+. In the **Allowed Team IDs and System Extensions** section, add the {elastic-endpoint} system extension:
++
+.. (Optional) Enter a **Display Name** for the {elastic-endpoint} system extension.
+.. From the **System Extension Types** dropdown, select **Allowed System Extensions**.
+.. Under **Team Identifier**, enter `2BT3HPN62Z`.
+.. Under **Allowed System Extensions**, enter `co.elastic.systemextension`.
+. Save the configuration.
+
+[role="screenshot"]
+image::images/deploy-with-mdm/system-extension-jamf.png[]
+
+[discrete]
+[[security-deploy-with-mdm-approve-network-content-filtering]]
+=== Approve network content filtering
+
+. Select the **Content Filter** option to configure the Network Extension policy for the {elastic-endpoint} configuration profile.
+. Under **Filter Name**, enter `ElasticEndpoint`.
+. Under **Identifier**, enter `co.elastic.endpoint`.
+. In the **Socket Filter** section, fill in these fields:
++
+.. **Socket Filter Bundle Identifier**: Enter `co.elastic.systemextension`
+.. **Socket Filter Designated Requirement**: Enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
+. In the **Network Filter** section, fill in these fields:
++
+.. **Network Filter Bundle Identifier**: Enter `co.elastic.systemextension`
+.. **Network Filter Designated Requirement**: Enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
+. Save the configuration.
+
+[role="screenshot"]
+image::images/deploy-with-mdm/content-filtering-jamf.png[]
+
+[discrete]
+[[security-deploy-with-mdm-enable-notifications]]
+=== Enable notifications
+
+. Select the **Notifications** option to configure the Notification Center policy for the {elastic-endpoint} configuration profile.
+. Under **App Name**, enter `Elastic Security.app`.
+. Under **Bundle ID**, enter `co.elastic.alert`.
+. In the **Settings** section, include these options with the following settings:
++
+.. **Critical Alerts**: Enable
+.. **Notifications**: Enable
+.. **Banner alert type**: Persistent
+.. **Notifications on Lock Screen**: Display
+.. **Notifications in Notification Center**: Display
+.. **Badge app icon**: Display
+.. **Play sound for notifications**: Enable
+. Save the configuration.
+
+[role="screenshot"]
+image::images/deploy-with-mdm/notifications-jamf.png[]
+
+[discrete]
+[[security-deploy-with-mdm-enable-full-disk-access]]
+=== Enable Full Disk Access
+
+. Select the **Privacy Preferences Policy Control** option to configure the Full Disk Access policy for the {elastic-endpoint} configuration profile.
+. Add a new entry with the following details:
++
+.. Under **Identifier**, enter `co.elastic.systemextension`.
+.. From the **Identifier Type** dropdown, select **Bundle ID**.
+.. Under **Code Requirement**, enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
++
+.. Make sure that **Validate the Static Code Requirement** is selected.
+. Add a second entry with the following details:
++
+.. Under **Identifier**, enter `co.elastic.endpoint`.
+.. From the **Identifier Type** dropdown, select **Bundle ID**.
+.. Under **Code Requirement**, enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
++
+.. Make sure that **Validate the Static Code Requirement** is selected.
+. Add a third entry with the following details:
++
+.. Under **Identifier**, enter `co.elastic.elastic-agent`.
+.. From the **Identifier Type** dropdown, select **Bundle ID**.
+.. Under **Code Requirement**, enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.elastic-agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
++
+.. Make sure that **Validate the Static Code Requirement** is selected.
+. Save the configuration.
+
+[role="screenshot"]
+image::images/deploy-with-mdm/fda-jamf.png[]
+
+After you complete these steps, generate the mobile configuration profile and install it onto the macOS machines. Once the profile is installed, {elastic-defend} can be deployed without the need for user interaction.
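Review bot: this entire new file comes from the cherry-pick conflict recorded in the commit message (`# Conflicts: docs/serverless/edr-install-config/deploy-with-mdm.asciidoc`), not from the style fix itself. Resolve the conflict by leaving the file out, so that this commit carries only the seven-line change to docs/management/admin/deploy-with-mdm.asciidoc, and drop the `# Conflicts:` lines from the message. If the file were meant to stay, the four `. <>.` items under "Configure a Jamf MDM profile" have empty cross-reference targets and should point at the section anchors defined further down, such as `security-deploy-with-mdm-approve-the-system-extension`.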
From 09f4bd9eafe30ac8f4f9b197ee3cafc9bf7a8191 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 14 Nov 2024 16:09:50 +0000
Subject: [PATCH 2/2] Delete docs/serverless directory and its contents
---
.../deploy-with-mdm.asciidoc | 142 ------------------
1 file changed, 142 deletions(-)
delete mode 100644 docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
diff --git a/docs/serverless/edr-install-config/deploy-with-mdm.asciidoc b/docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
deleted file mode 100644
index 8dd36182f8..0000000000
--- a/docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
+++ /dev/null
@@ -1,142 +0,0 @@
-[[security-deploy-with-mdm]]
-= Deploy {elastic-defend} on macOS with mobile device management
-
-// :description: Configure access for deploying {elastic-defend} on macOS with mobile device management.
-// :keywords: security, how-to, secure
-
-++++
-Deploy on macOS with MDM
-++++
-
-preview:[]
-
-To silently install and deploy {elastic-defend} without the need for user interaction, you need to configure a mobile device management (MDM) profile for {elastic-endpoint}—the installed component that performs {elastic-defend}'s threat monitoring and prevention. This allows you to pre-approve the {elastic-endpoint} system extension and grant Full Disk Access to all the necessary components.
-
-This page explains how to deploy {elastic-defend} silently using Jamf.
-
-[discrete]
-[[security-deploy-with-mdm-configure-a-jamf-mdm-profile]]
-== Configure a Jamf MDM profile
-
-In Jamf, create a configuration profile for {elastic-endpoint}. Follow these steps to configure the profile:
-
-. <>.
-. <>.
-. <>.
-. <>.
-
-[discrete]
-[[security-deploy-with-mdm-approve-the-system-extension]]
-=== Approve the system extension
-
-. Select the **System Extensions** option to configure the system extension policy for the {elastic-endpoint} configuration profile.
-. Make sure that **Allow users to approve system extensions** is selected.
-. In the **Allowed Team IDs and System Extensions** section, add the {elastic-endpoint} system extension:
-+
-.. (Optional) Enter a **Display Name** for the {elastic-endpoint} system extension.
-.. From the **System Extension Types** dropdown, select **Allowed System Extensions**.
-.. Under **Team Identifier**, enter `2BT3HPN62Z`.
-.. Under **Allowed System Extensions**, enter `co.elastic.systemextension`.
-. Save the configuration.
-
-[role="screenshot"]
-image::images/deploy-with-mdm/system-extension-jamf.png[]
-
-[discrete]
-[[security-deploy-with-mdm-approve-network-content-filtering]]
-=== Approve network content filtering
-
-. Select the **Content Filter** option to configure the Network Extension policy for the {elastic-endpoint} configuration profile.
-. Under **Filter Name**, enter `ElasticEndpoint`.
-. Under **Identifier**, enter `co.elastic.endpoint`.
-. In the **Socket Filter** section, fill in these fields:
-+
-.. **Socket Filter Bundle Identifier**: Enter `co.elastic.systemextension`
-.. **Socket Filter Designated Requirement**: Enter the following:
-+
-[source,txt]
-----
-identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
-----
-. In the **Network Filter** section, fill in these fields:
-+
-.. **Network Filter Bundle Identifier**: Enter `co.elastic.systemextension`
-.. **Network Filter Designated Requirement**: Enter the following:
-+
-[source,txt]
-----
-identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
-----
-. Save the configuration.
-
-[role="screenshot"]
-image::images/deploy-with-mdm/content-filtering-jamf.png[]
-
-[discrete]
-[[security-deploy-with-mdm-enable-notifications]]
-=== Enable notifications
-
-. Select the **Notifications** option to configure the Notification Center policy for the {elastic-endpoint} configuration profile.
-. Under **App Name**, enter `Elastic Security.app`.
-. Under **Bundle ID**, enter `co.elastic.alert`.
-. In the **Settings** section, include these options with the following settings:
-+
-.. **Critical Alerts**: Enable
-.. **Notifications**: Enable
-.. **Banner alert type**: Persistent
-.. **Notifications on Lock Screen**: Display
-.. **Notifications in Notification Center**: Display
-.. **Badge app icon**: Display
-.. **Play sound for notifications**: Enable
-. Save the configuration.
-
-[role="screenshot"]
-image::images/deploy-with-mdm/notifications-jamf.png[]
-
-[discrete]
-[[security-deploy-with-mdm-enable-full-disk-access]]
-=== Enable Full Disk Access
-
-. Select the **Privacy Preferences Policy Control** option to configure the Full Disk Access policy for the {elastic-endpoint} configuration profile.
-. Add a new entry with the following details:
-+
-.. Under **Identifier**, enter `co.elastic.systemextension`.
-.. From the **Identifier Type** dropdown, select **Bundle ID**.
-.. Under **Code Requirement**, enter the following:
-+
-[source,txt]
-----
-identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
-----
-+
-.. Make sure that **Validate the Static Code Requirement** is selected.
-. Add a second entry with the following details:
-+
-.. Under **Identifier**, enter `co.elastic.endpoint`.
-.. From the **Identifier Type** dropdown, select **Bundle ID**.
-.. Under **Code Requirement**, enter the following:
-+
-[source,txt]
-----
-identifier "co.elastic.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
-----
-+
-.. Make sure that **Validate the Static Code Requirement** is selected.
-. Add a third entry with the following details:
-+
-.. Under **Identifier**, enter `co.elastic.elastic-agent`.
-.. From the **Identifier Type** dropdown, select **Bundle ID**.
-.. Under **Code Requirement**, enter the following:
-+
-[source,txt]
-----
-identifier "co.elastic.elastic-agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
-----
-+
-.. Make sure that **Validate the Static Code Requirement** is selected.
-. Save the configuration.
-
-[role="screenshot"]
-image::images/deploy-with-mdm/fda-jamf.png[]
-
-After you complete these steps, generate the mobile configuration profile and install it onto the macOS machines. Once the profile is installed, {elastic-defend} can be deployed without the need for user interaction.
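Review bot: this deletion only reverses the file created in [PATCH 1/2] (blob `8dd36182f8` appears in both index lines), so the two commits should be squashed rather than merged as add-then-delete. As it stands, the intermediate commit contains a 142-line file that was never intended to exist on this branch. The subject also says "directory and its contents" while the diffstat shows a single file, so naming that file would describe the change more accurately.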